Wubi is an officially supported Ubuntu installer for Windows users that can bring you to the Linux world with a single click. Wubi allows you to install and uninstall Ubuntu as any other Windows application, in a simple and safe way. Are you curious about Linux and Ubuntu? Trying them out has never been easier!

Wubi is Simple
No need to burn a CD. Just run the installer, enter a password for the new account, and click "Install", go grab a coffee, and when you are back, Ubuntu will be ready for you.

Wubi is Safe
You keep Windows as it is, Wubi only adds an extra option to boot into Ubuntu. Wubi does not require you to modify the partitions of your PC, or to use a different bootloader, and does not install special drivers. It works just like any other application. Wubi is spyware and malware free, and being open source, anyone can verify that.

Wubi is Discrete
Wubi keeps most of the files in one folder, and if you do not like it, you can simply uninstall it as any other application.

Wubi is Free
Wubi and Ubuntu cost absolutely nothing (free as in beer), but yet provide a state of the art, fully functional, operating system that does not require any activation and does not impose any restriction on its use (free as in freedom).

A common attitude among people who believe in free software is to stick it to “the man.” For some people, that translates into spending a ton of free time porting Linux to devices that were never designed for it.
This is one of the things that always amazes me when I read about the latest high-tech devices that been modified to run Linux. Some of these implementations may be incomplete, and I’m not sure why someone would take a brand new device and risk bricking it…
Here’s a short list of devices that make unlikely with Linux. Enjoy!

To install MySQL, run the following command from a terminal prompt:sudo apt-get install mysql-server

During the installation process you will be prompted to enter a password for the MySQL root user.

Once the installation is complete, restart the MySQL server: sudo /etc/init.d/mysql restartCheck if MySQL is running: sudo netstat -tap | grep mysqlyou should see the following line or something similar:

tcp 0 0 localhost.localdomain:mysql *:* LISTEN -

Configuration

You can edit the /etc/mysql/my.cnf file to configure the basic settings -- log file, port number, etc. For example, to configure MySQL to listen for connections from network hosts, change the bind_address directive to the server's IP address:

bind-address = 192.168.0.5

[Note] Replace 192.168.0.5 with the appropriate address.

After making a change to /etc/mysql/my.cnf the mysql daemon will need to be restarted:

Ubuntu installs GNU GRUB as its default boot loader, which allows for great flexibility and recovery options. For example, when you install additional kernel images, these are automatically added as available boot options in the grub menu. Also, by default, alternate boot options are available for each kernel entry that may be used for system recovery.

To add a password for use with grub, first you must generate an md5 password hash using the grub-md5-crypt utility: grub-md5-crypt

The command will ask you to enter a password and offer a resulting hash value as shown below:

The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user friendly way to create an IPv4 or IPv6 host-based firewall.

The following are some examples of how to use ufw:

First, ufw needs to be enabled. From a terminal prompt enter: sudo ufw enable To open a port (ssh in this example): sudo ufw allow 22 Similarly, to close an opened port: sudo ufw deny 22 To remove a rule, use delete followed by the rule: sudo ufw delete deny 22ufw can be disabled by: sudo ufw disable

It is also possible to allow access from specific hosts or networks to a port. The following example allows ssh access from host 192.168.0.2 to any ip address on this host:

This will result in the DHCP server giving a client an IP address from the range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will lease an IP address for 600 seconds if the client doesn't ask for a specific time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The server will also "advise" the client that it should use 255.255.255.0 as its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers.

The Amahi server is Linux-based, which means it's reliable and virus-free. The project aims to be 100% compatible with PCs and Macs. The goal is to make it a joy to install, run, and more so, a joy to use!

Hardware Requirements
* The machine should be at least Pentium 3 running at 800MHz
* Recommended RAM is 256 or greater, but it can be done with a little as 128MB
* Some disk space (some users like it large, to store their media)
* One network device

Banshee is adding video support to its list of features. According to the v1.0 Alpha 2 release notes, his release brings a much sought after feature for Banshee - Video management and integrated playback! Your Video Library supports searching, playlists, smart playlists, queuing, and even bookmarks, just like your Music Library.

The Music and Video libraries are separated in the interface to provide a clean separation of content, so video will never be mixed in with music - when browsing or searching.

If you are running openSUSE 10.3 there is a 1-Click Install available:

MythTV is a GPL licensed suite of programs that allow you to build the mythical home media convergence box on your own using Open Source software and operating systems. MythTV is known to work on Linux and Mac OS X (PowerPC and Intel). It does not run on Windows.

After long hours and endless work the Mythbuntu team is excited about the release of Mythbuntu 8.04. This release is built on the LTS base of Ubuntu 8.04 Hardy Heron. We would like to thank everyone that contributed in getting to this second release.

Ubuntu uses a user interface (or desktop environment) called Gnome. Gnome is focused on simplicity and usability. Ubuntu includes a bunch of Gnome-native applications such as Rhythmbox (music player), Sound Juicer (CD player and ripper), Evolution (email client and calendar), and Gedit (text editor). You can find the full list of software packages in ubuntu-desktop here.

Kubuntu uses the K Desktop Environment (also known as KDE). KDE is focused on including a lot of point-and-click configuration options immediately available to end users. Kubuntu includes a bunch of KDE-native applications such as AmaroK (music player), K3B (CD burning), Konqueror (web browser and file manager), and Kopete (instant messenger). You can find the full list of software packages in kubuntu-desktop here.

Xubuntu uses the Xfce desktop environment, which is a lighter one than Gnome or KDE. In terms of its design principles, it has a bit of a balance—presenting in some ways more point-and-click configuration options than Gnome but also retaining some of the simplicity of Gnome. Its main appeal is its speed, though, and it's ideal for systems with 128 to 256 MB of RAM. Both Ubuntu and Kubuntu can run on 256 MB of RAM, but they're more ideal for 512 MB of RAM or more. Xfce includes Thunar (file manager), Thunderbird (email client), and Mousepad (text editor). You can find a full list of software packages in xubuntu-desktop here.

Edubuntu uses the Gnome desktop environment but has a different set of default applications from Ubuntu. Its focus is on educational tools. It includes GPaint (an easy to use paint program), Atomix (a puzzle game for building molecules out of isolated atoms), and Xaos (a real-time interactive fractal zoomer). You can find a full list of software packages in edubuntu-desktop here.

Gobuntu is a GNU/Linux operating system, derived from Ubuntu, that endeavors to adhere to the Free Software Foundation's four freedoms and intends to provide a base for other free software platforms to build upon with minimal modification required. It does this by only including open-source non-restricted software. This means there will be no firmware, drivers, applications, or content included in Gobuntu that does not include the full source or whose license does not provide the right to use, study, modify, and redistribute the body of work.

Gobuntu shares the same system requirements as Ubuntu. At present, this means Gobuntu is available for 32-bit and 64-Bit PC architectures and the install requires at least 4 GB of disk space. you can get Gobuntu here

The Open Graphics Project's long-awaited open source graphics card is ready for order by developers. Designed by Traversal Technology, the OGD1 boasts an open source hardware design based on a Xilinx Spartan-3 XC3S4000 FPGA, and is intended as an FPGA development platform, says the OGP.

The Open Graphics Project announced its plan back in 2005 to develop a basic graphics card with an open source hardware design. A central goal of the OGP is to streamline driver development, since binary drivers from graphics manufacturers are typically difficult to work with. The group hopes eventually to release a commercial version suitable for consumers.

Availability

The OGD1 is available for order now for $1,500 (or $1,400 for the first 100 orders). Manufacturing will begin once 100 orders have been received, says the group. More information may be found here.

1. What is the current listing status?
2. What happened when Google visited this site?
3. Has this site acted as an intermediary resulting in further distribution of malware?
4. Has this site hosted malware?

"Of the 274621 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 05/22/2008, and the last time suspicious content was found on this site was on 03/13/2008. Malicious software includes 4 scripting exploit(s), 4 trojan(s). Successful infection resulted in an average of 10 new processes on the target machine. Malicious software is hosted on 4 domain(s), including 58.65.239.0, truemaybe.com, abc-powers.com. 5 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including xtraff.biz, x-traffic.ws, smartvideochannel.com."

Despite all of these findings, google.com is not listed as suspicious, probably because the domain is whitelisted or the suspicious content is not very significant. It's likely that the domains listed above are from Google's search results, so that means the anti-malware system doesn't respect robots.txt.

Rootkit Hunter
rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.

Specifically, rkhunter is a shell script which carries out various checks on the local system to try and detect known rootkits and malware. It also performs checks to see if commands have been modified, if the system startup files have been modified, and various checks on the network interfaces, including checks for listening applications.

rkhunter has been written to be as generic as possible, and so should run on most Linux and UNIX systems. It is provided with some support scripts should certain commands be missing from the system, and some of these are Perl scripts.

It performs log analysis, integrity checking, monitoring, rootkit detection, real-time alerting and active response. In addition to being deployed as an HIDS, it is commonly used strictly as a log analysis tool, monitoring and analyzing firewalls, IDSs, web servers and authentication logs.

ClamAV
Clam AntiVirus is an anti-virus toolkit, designed especially for e-mail scanning on mail gateways.
It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates.

The core of the package is an anti-virus engine available in a form of shared library.

Features include:
* Command-line scanner
* Fast, multi-threaded daemon with support for on-access scanning
* Milter interface for sendmail
* Advanced database updater with support for scripted updates and digital signatures
* Virus scanner C library
* On-access scanning
* Virus database updated multiple times per day (see home page for total number of signatures)
* Built-in support for various archive formats.
* Built-in support for almost all mail file formats
* Built-in support for ELF executables and Portable Executable files compressed and others
* Built-in support for popular document formats including MS Office and MacOffice files, HTML, RTF and PDF
HomePage: http://www.clamav.org/

AVG Free
AVG Free for Linux is a commercial-grade antivirus product. It can be used on a single computer and is intended for private, non-commercial use only.

AVG Free can be run entirely from the command prompt but there is also a graphical front end available. Using the command line offers some extras such as creating a report file, while updates are easy to apply and can be scheduled.

The graphical user interface is both efficient and simple, and it can be used even by inexperienced Linux system users.

It can be used to provide email scanning from the internet, to any internal network and is ideal for helping to protect your "Other OS" LAN from harm, especially when used in conjunction with a firewall and other Internet Proxy servers.

It provides scanning of incoming/outgoing email messages for Viruses, Worms, Trojans, Spam, and harmful attachments. Because viewing HTML mail can enable a "Spammer" to validate an email address (via web bugs), it can also provide HTML tag stripping.

F-Prot Antivirus
For home users using the Linux open-source operating system, company offer F-Prot Antivirus for Linux Workstations. F-PROT Antivirus for Linux Workstations utilizes the renowned F-PROT Antivirus scanning engine for primary scan but has in addition to that a system of internal heuristics devised to search for unknown viruses

F-PROT Antivirus for Linux was especially developed to effectively eradicate viruses threatening workstations running Linux. It provides full protection against macro viruses and other forms of malicious software - including Trojans.

Linux Explorer ( LINUXexplo ) is a script that collects information about a linux server for support purposes, similar to the Solaris explorer ( SUNWexplo ) , Redhat's "sysreport" and SuSE's "siga" script.

The script is designed to help collect as much information as possible to help support linux and have a common set of scripts for collecting information about linux no matter what distro users are using.

The information is stored in seperated directories, once all the information has been collected it then tar's up those directories into a single gzip tar file which can then be attached to an email for your support organization or copied to a remote server for safe keeping.

This is a video image capture application using the unicap toolkit. It provides a simple way to parametrise the video device, can capture still images from the video stream or record the stream as an .MPEG file. By using unicap, it can access many different video capture devices like webcams, video grabber boards, IEEE-1394 ( FireWire ) cameras and others.

Salasaga is an Integrated Development Environment for producing eLearning (swf), similar to Adobe Captivate. Licensed under the LGPL.

Imagine a free, easy to use GUI authoring environment that helps you create visually impressive and actually useful learning material. The short term goal for this project is to provide such an environment, and we're well on the way to a first release for doing that.

Initially similar to Adobe Captivate, but will eventually incorporate an AJAX (browser based) playback capability for advanced content. Flash has at least one serious design limitation (from my POV) making it nearly useless for comprehensive eLearning, and this appears to be addressed by the existing capabilities of AJAX in browsers these days.

This application requires GTK+ version 2.10.x. Other dependencies include:
* Pango - version 1.16 or higher is known to work
* libxml2 - version 2.6.30 or higher is known to work
* Ming - version 0.3.0 or higher is known to work

The Sphinx Group at Carnegie Mellon University is committed to releasing the long-time, DARPA-funded Sphinx projects widely, in order to stimulate the creation of speech-using tools and applications, and to advance the state of the art both directly in speech recognition, as well as in related areas including dialog systems and speech synthesis.

The CMU Sphinx project released a set of reasonably mature, world-class speech components that provide a basic level of technology to anyone interested in creating speech-using applications without the once-prohibitive initial investment cost in research and development; the same components are open to peer review by all researchers in the field, and are used for linguistic research as well.

Originally a brownish color to match the Ubuntu theme, it does not quite fit with other themes and might want to be changed. Enter the gdm.conf file (sudo gedit /etc/gdm/gdm.conf). search the below lines in the file:

iftop displays network usage by connection. The default display shows the connection endpoints (port numbers may be toggled using the p key), with data transfer volumes displayed in numeric format and as a horizontal bargraph using reverse video. Various keys provide control over the display; pressing ? displays a help page listing these keys. iftop also provide command-line options for traffic filtering and interface selection.

The information displayed by iftop is detailed and easily understood. When an application is hogging your network bandwidth, iftop can be an invaluable tool -- though you may need to also use netstat -p to determine which process is behind a particular connection.

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

Danga Interactive developed memcached to enhance the speed of LiveJournal.com, a site which was already doing 20 million+ dynamic page views per day for 1 million users with a bunch of webservers and a bunch of database servers. memcached dropped the database load to almost nothing, yielding faster page load times for users, better resource utilization, and faster access to the databases on a memcache miss.

How it Works

First, you start up the memcached daemon on as many spare machines as you have. The daemon has no configuration file, just a few command line options, only 3 or 4 of which you'll likely use:

# ./memcached -d -m 2048 -l 10.0.0.40 -p 11211

This starts memcached up as a daemon, using 2GB of memory, and listening on IP 10.0.0.40, port 11211. Because a 32-bit process can only address 4GB of virtual memory (usually significantly less, depending on your operating system), if you have a 32-bit server with 4-64GB of memory using PAE you can just run multiple processes on the machine, each using 2 or 3GB of memory.

Mplayer for linux is a great movie player. MPlayer is well known for its wide format support and is known to support more multimedia formats than any other player. MPlayer easily plays MPEG/VOB, AVI, Ogg/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4,RealMedia, Matroska, NUT, NuppelVideo, FLI, YUV4MPEG, FILM, RoQ, PVA files, supported by many native, XAnim, and Win32 DLLcodecs. With Mplayer, You can watch VideoCD, SVCD, DVD, 3ivx, DivX 3/4/5, WMV and even H.264 movies

xine is a free multimedia player. It plays back CDs, DVDs, and VCDs. It also decodes multimedia files like AVI, MOV, WMV, and MP3 from local disk drives, and displays multimedia streamed over the Internet. It interprets many of the most common multimedia formats available - and some of the most uncommon formats, too.

Kaffeine is another cool media player for KDE. Kaffeine supports multiple player engines while its default engine is Xine. Kaffeine can easily keep track of multiple play lists simultaneously and give you the ability to auto load subtitles files when playing a certain video giving Kaffeine a wide variety of supported media types and letting Kaffeine access CDs, DVDs, and network streams easily. With the latest updates, Kaffeine is able to play nearly every known audio and video format, however some may only be played with proprietary codecs. Kaffeine features include streaming, DVB, DVD, Video CD and CD audio.

VLC media player is a highly portable multimedia player for various audio and video formats (MPEG-1, MPEG-2, MPEG-4, DivX, mp3, ogg, ...) as well as DVDs, VCDs, and various streaming protocols.
It can also be used as a server to stream in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network.
It doesn't need any external codec or program to work.

Realplayer 11 for Linux is also something which a lot of people use to play more video, popular windows media files, real media filesand much more. With Realplayer you can create your personal playlists, control live streams and enjoy 5.1 surround sound (If you have good sound system)

The scp command can be used to transfer files between machines over a secure, encrypted connection. It is similar to rcp. The general syntax to transfer a local file to a remote system is as follows:scp username@hostname:/home/nikesh/log /tmp/log

The sftp utility can be used to open a secure, interactive FTP session. It is similar to ftp except that it uses a secure, encrypted connection. The general syntax is sftp username@hostname.com. Once authenticated, you can use a set of commands similar to those used by FTP

1) cd john-1.7.0.2/src
2) Then we need to rum make command which will return a list of available systems that John the Ripper password cracker can be compiled on.
3) Choose your appropriate architecture, and compile: make linux-x86-any
4) Go and run the john the ripper binary:
cd ../run/
ls
./johnUsing John the ripper:
For testing purposes you should create a testing user "johnripper" with password "password".

poison:~ # useradd johnripperpoison:~ # passwd johnripper
Changing password for johnripper.New Password:
Reenter New Password:Password changed.poison:~ #Time to Crack password:
John the Ripper's password cracker needs to access a shadow file in order to be able crack a password. You need to run "john" as superuser "root". Be sure that John Binary is in your path, or you are in directory where john Binary resides. Try and see how long it will take to crack your super secure password of: "password"

man = display the man pages for a stated command| = pipe the output of the man pages somewhere elsecol -b = format the output> = send the output to a filefilename.txt = name of the file you wish to create and populate with output

Journaled file systems write critical information about file system operations to a journal before actually modifying files. In the event of an unclean shutdown, the file system can be recovered more quickly by reading the journal instead of performing fsck. Journaling Options available in ext3

data=ordered - This is the default mode. Only meta data is journaled.data=journaled - Meta data and data are journaled.data=writeback - Not as good as “data=ordered”, but allows for a quicker fsck than standard ext2.

Converting from ext2 to ext3Because of their close relation, it is fairly simple to upgrade from ext2 to ext3:Modify file system type in /etc/fstab

Create the journal: tune2fs -j /dev/hda1

Make sure you fire mkinitrd command and create new initrd file for ext3 FS

The primary idea behind a TCP reset attack is to falsely terminate an established TCP connection. Lets imagine an established TCP connection from host A to host B. Now, a third host, C, spoofs a packet that matches the source port and IP address of host A, the destination port and IP address of host B, and the current sequence number of the active TCP connection between host A and host B. Host C sets the RST bit on the spoofed packet, so when received by host B, host B immediately terminates the connection. This results in a denial of service, until the connection can be reestablished. However, the severity of such an attack is different from application to application.

Setting the sticky bit tells Unix that once the concerned application is executed, it should remain in memory. Remember that Unix is a multi-user OS and was mainly designed so that multiple users can work simultaneously. Thus the logic used is that a program that exists in memory requires lesser time to start when a new user requests for the same program. Thus when one user has just used a program and then a new user wants to use the same program, the second user doesn't have to face a time delay for the program to initialize itself. It would be readily available to him. The concept of the sticky bit was a very useful one, long back when fast disk access and other memory access technologies weren't around. But in today's age the concept of sticky bit is obsolete, since modern day technology is advanced enough to reduce the time delay while loading applications into the memory. Thus currently the sticky bit is of very little significance. Sticky bit is only associated with executables.

SUID (Set User ID) Bit

Sometime you may faced an error while trying to run any application stating that the application must be 'SUID root' . You might have been confused that time, but now once you read this article you would no longer find it confusing.

SUID stands for Set User ID. This means that if the SUID bit is set for any application then your user ID would be set as that of the owner of application/file rather than the current user, while running that application. That means in case I have an application whose owner is ' root ' and it has its SUID bit set, then when I run this application as a normal user, that application would still run as root. Since the SUID bit tells Linux that the the User ID root is set for this application and whenever this application executes it must execute as if root was executing it (since root owns this file).

In case you have really understood the above you may be wondering - isnt this a major security risk? If users are able to run applications as root, then it must be definitely posing as a threat to the security of the system. Actually the SUID is used to increase the security in a way. Let me explain this with my own example I use on my machine.

SGID (Set Group ID) bit

Just like SUID, setting the SGID bit for a file sets your group ID to the file's group while the file is executing. IT is really useful in case you have a real multi-user setup where users access each others files. As a single homeuser I haven't really found a lot of use for SGID. But the basic concept is the same as the SUID, the files whose SGID bit are set would be used as if they belong to that group rather than to that user alone.

If you run a system that hosts multiple users, you might want to discourage them from using cron or at for whatever reasons. This can be done.

To restrict people from using cron, create a file called /etc/cron.deny and put the name of the user you want to restrict in there.

To restrict people from using at, create a file called /etc/at.deny, and put the name of the user you want to restrict in there. Be careful about restricting default system users like nobody. These accounts sometimes run their own jobs at specific times.

Moonlight is an open source implementation of Microsoft Silverlight for Unix systems.

Mono provides the necessary software to develop and run .NET client and server applications on Linux, Solaris, Mac OS X, Windows, and Unix. Sponsored by Novell (http://www.novell.com), the Mono open source project has an active and enthusiastic contributing community and is positioned to become the leading choice for development of Linux applications.

The below commands downloads all the required codecs from the Medibuntu repositories and enble the full multimedia support for your Ubuntu box, now with this you can play the encrypted DVD playback, Adobe Flash and non-native media files (Windows media, Apple QuickTime, Real, MP3).

If you want to know what is kernel oops:
An oops is a deviation from correct behavior of the Linux kernel which produces a certain error log. The better-known kernel panic condition results from many oops, but others may allow continued operation with compromised reliability.

When the kernel detects a problem, it prints an oops message and kills any offending process. The message is used by Linux kernel engineers to debug the condition which created the oops and fix the programming error which caused it.

Once a system has experienced an oops, some internal resources may no longer be in service. Even if the system appears to work correctly, undesirable side effects may have resulted from the active task being killed. A kernel oops often leads on to a kernel panic once the system attempts to use resources which have been lost.

kerneloops.org is a website that tries to help the developers of the Linux kernel by collecting so-called oopses, which are the crash signatures of the Linux kernel. The collected oopses are processed statistically to present information for the kernel developers, such as

* Which crash signatures occur the most? (and thus need to be fixed most urgently)
* When did a certain crash signature show up first?
* Which API functions are the most error prone?

It is run on a separate host system, where you create the policy files, and then copy them over and run them on the target system. It is able to handle everything from very simple rulesets to large and rather complicated ones. It has extensive abilities to handle different versions and installations of iptables, by configuration of which targets/matches are available on each host system, etcetera. The end result may be saved in an parsable configuration file (e.g., the real firewall scripts).

Turtle Firewall is a software which allows you to realize a Linux firewall in a simply and fast way.
It's based on Kernel 2.4.x/2.6.x and Iptables. Its way of working is easy to understand: you can define the different firewall elements (zones, hosts, networks) and then set the services you want to enable among the different elements or groups of elements.
You can do this simply editing a XML file or using the comfortable web interface Webmin.

You can find the Turtle Firewall Project and more information over here

Easy Firewall Generator for IPTables

Easy Firewall Generator is another interesting development when it comes to iptables and netfilter. Basically, Easy Firewall Generator is a PHP webpage where you specify options and specifics of your firewall, and once all of the configurations are done, you click a button, and the webpage spits out an iptables ruleset that you can utilize.

The script contains all the basic rules, and more specific ones to contain strange patterns in packets. It also contains specific IP sysctl changes that may be needed, loads necessary modules, et cetera. The whole ruleset is also written in a redhat init.d format.

The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet protocol suite. It is chiefly used by networked computers' operating systems to send error messages—indicating, for instance, that a requested service is not available or that a host or router could not be reached, the below are the 16 error codes for ICMP.

0 - Network unreachable - Tells you if a specific network is currently unreachable.

1 - Host unreachable - Tells you if a specific host is currently unreachable.

2 - Protocol unreachable - This code tells you if a specific protocol (tcp, udp, etc) can not be reached at the moment.

3 - Port unreachable - If a port (ssh, http, ftp-data, etc) is not reachable, you will get this message.

4 - Fragmentation needed and DF set - If a packet needs to be fragmented to be delivered, but the Do not fragment bit is set in the packet, the gateway will return this message.

5 - Source route failed - If a source route failed for some reason, this message is returned.

6 - Destination network unknown - If there is no route to a specific network, this message is returned.

7 - Destination host unknown - If there is no route to a specific host, this message is returned.

8 - Source host isolated (obsolete) - If a host is isolated, this message should be returned. This code is obsoleted today.

9 - Destination network administratively prohibited - If a network was blocked at a gateway and your packet was unable to reach it because of this, you should get this ICMP code back.

10 - Destination host administratively prohibited - If you where unable to reach a host because it was administratively prohibited (e.g., routing administration), you will get this message back.

11 - Network unreachable for TOS - If a network was unreachable because of a bad TOS setting in your packet, this code will be generated as a return packet.

12 - Host unreachable for TOS - If your packet was unable to reach a host because of the TOS of the packet, this is the message you get back.

13 - Communication administratively prohibited by filtering - If the packet was prohibited by some kind of filtering (e.g., firewalling), we get a code 13 back.

14 - Host precedence violation - This is sent by the first hop router to notify a connected host, to notify the host that the used precedence is not permitted for a specific destination/source combination.

15 - Precedence cutoff in effect - The first hop router may send this message to a host if the datagram it received had a too low precedence level set in it.

Question: How can I restrict/allow access to certain service on timely basis with iptables? For example restrict access to SSH between 7:00 pm - 8:00 am on weekdays?

Answer: You are welcome to use iptables patch-o-matic extension (pom or p-o-m) that allows you to match a packet based on its arrival or departure (for locally generated packets) timestamp. The syntax is the following:

iptables RULE -m time --timestart TIME --timestop TIME --days DAYS -j ACTION

Where:

--timestart TIME: Time start value (format is 00:00-23:59)
--timestop TIME: Time stop value (the same format)
--days DAYS: a list of days to apply, from (format: Mon, Tue, Wed, Thu, Fri, Sat, Sun).

This allows both udp and tcp traffic from either of the two class B networks to access port 22 on your machine. Of course, you need to have an sshd daemon running as well for this to work; the code above merely punches the required holes in the firewall.

The password expiration information for a user is contained in the last 6 fields. Password expiration for a select user can be disabled by editing the /etc/shadow file

You can also use chage command. The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.

Last password change : May 12, 2008Password expires : neverPassword inactive : neverAccount expires : neverMinimum number of days between password change : 0Maximum number of days between password change : 99999Number of days of warning before password expires : 7

To disable password aging / expiration for user foo, type command as follows and set:Minimum Password Age to 0Maximum Password Age to 99999Password Inactive to -1Account Expiration Date to -1

In order to optimize the YaST partitioner module for openSUSE users the user experience team decided to conduct a small survey to figure out how you deal with hard disk configuration. The survey contains some basic questions and its results will directly influence the redesign for the partitioner module.

The survey will be online until 28th May 2008 and the results will be published on openSUSE.org as soon as possible.

Gnome-RDP: Remote Desktop Client for the GNOME Desktop. Supported protocols: RDP, VNC, SSH. Configured sessions can be saved to the built in list. Additional programs required: rdesktop, tightvnc, ssh, gnome-terminal. Application can be run with Mono runtime.

Installation on Ubuntu:

sudo apt-get install gnome-rdp

Now that Gnome-RDP is installed lets fire it up:
Goto Applications->Internet->Gnome-RDP

Abyss is a diverse network tool designed for unix/linux with both active, and passive capabilities. It performs various types of portscans, with remote OS detection, and uses a multi-threaded model for fast simultaneous network
scans

Abyss also has sniffing capabilities based on complex BPF filters that display packet information, decode the payload, and perform passive OS detection.

AbysS Compiles on Linux, and FreeBSD. It is POSIX compliant, and should work on other unix varients running on x86.

regexxer is a nifty GUI search/replace tool featuring Perl-style regular expressions. If you need project-wide substitution and you’re tired of hacking sed command lines together, then you should definitely give it a try.

PDFCrack is a GNU/Linux (other POSIX-compatible systems should work too) tool for recovering passwords and content from PDF-files. It is small, command line driven without external dependencies. The application is Open Source (GPL).

Features:

* Supports the standard security handler (revision 2 and 3) on all known PDF-versions
* Supports cracking both owner and userpasswords
* Both wordlists and bruteforcing the password is supported
* Simple permutations (currently only trying first character as Upper Case)
* Save/Load a running job
* Simple benchmarking
* Optimised search for owner-password when user-password is known

Ext4 is the latest in a long line of Linux® file systems, and it's likely to be as important and popular as its predecessors. As a Linux system administrator, you should be aware of the advantages, disadvantages, and basic steps for migrating to ext4. This article explains when to adopt ext4, how to adapt traditional file system maintenance tool usage to ext4, and how to get the most out of the file system.

Current and upcoming features of ext4 that provide advantages over ext3

Feature

Advantage

Larger file systems

Ext3 tops out at 32 tebibyte (TiB) file systems and 2 TiB files, but practical limits may be lower than this depending on your architecture and system settings—perhaps as low as 2 TiB file systems and 16 gibibyte (GiB) files. Ext4, by contrast, permits file systems of up to 1024 pebibyte (PiB), or 1 exbibyte (EiB), and files of up to 16 TiB. This may not be important (yet!) for the average desktop computer or server, but it is important to users with large disk arrays.

Extents

An extent is a way to improve the efficiency of on-disk file descriptors, reducing deletion times for large files, among other things.

Persistent preallocation

If an application needs to allocate disk space before actually using it, most file systems do so by writing 0s to the not-yet-used disk space. Ext4 permits preallocation without doing this, which can improve the performance of some database and multimedia tools.

Delayed allocation

Ext4 can delay allocating disk space until the last moment, which can improve performance.

More subdirectories

If you've ever felt constrained by the fact that a directory can only hold 32,000 subdirectories in ext3, you'll be relieved to know that this limit has been eliminated in ext4.

Journal checksums

Ext4 adds a checksum to the journal data, which improves reliability and performance.

Online defragmentation

Although ext3 isn't prone to excessive fragmentation, files stored on it are likely to become at least a little fragmented. Ext4 adds support for online defragmentation, which should improve overall performance.

Undelete

Although it hasn't been implemented yet, ext4 may support undelete, which, of course, is handy whenever somebody accidentally deletes a file.

Faster file system checks

Ext4 adds data structures that permit fsck to skip unused parts of the disk in its checks, thus speeding up file system checks.

Nanosecond timestamps

Most file systems, including ext3, include timestamp data that is accurate to a second. Ext4 extends the accuracy of this data to a nanosecond. Some sources also indicate that the ext4 timestamps support dates through April 25, 2514, versus January 18, 2038, for ext3.